P
US11048798B2ActiveUtilityPatentIndex 56

Method for detecting libraries in program binaries

Assignee: SYNOPSYS INCPriority: Sep 25, 2014Filed: May 12, 2020Granted: Jun 29, 2021
Est. expirySep 25, 2034(~8.2 yrs left)· nominal 20-yr term from priority
Inventors:HAYRYNEN ANTTIVAYRYNEN ANTTI
G06F 21/563G06N 20/00G06F 21/577G06F 2221/033G06F 11/3688G06F 21/51G06F 11/362G06F 8/47G06F 9/44521
56
PatentIndex Score
1
Cited by
13
References
20
Claims

Abstract

This document discloses a solution for detecting, by a computer apparatus, computer program library in a binary computer program code. A method according to an embodiment of the solution comprises in the computer apparatus: acquiring a reference computer program library file in a binary form; and determining at least one signature set of binary data from a read-only section of the reference computer program library, wherein the at least one signature set of binary data is determined to contain constant binary data that is unique to the reference computer program library; the method further comprising a testing phase comprising: acquiring binary computer program code and at least one signature set of binary data associated with each reference computer program library to be searched for; searching the binary computer program code for said at least one signature set of binary data; and upon determining that a signature set of binary data has been detected in the binary computer program code, determining that the binary computer program code comprises the computer program library associated with the detected signature set of binary data.

Claims

exact text as granted — not AI-modified
We claim: 
     
       1. A method for detecting a target computer program library in a binary computer program code, the method comprising:
 creating, by a processor, a signature set corresponding to binary data from a section of a reference computer program library; 
 obtaining, by the processor, a debug symbol table corresponding to the reference computer program library; 
 mapping, by the processor, based on one or more references from the debug symbol table, a location of the reference program library to a corresponding location of the debugging instance, wherein the location of the reference program library is within the section of the reference computer program library; 
 searching, by the processor, the binary computer program code for the signature set, while maintaining the binary computer program code in raw form; 
 detecting, by the processor, at least part of the signature set in the binary computer program code, based on the searching; and 
 determining, by the processor, whether the binary computer program code comprises the target computer program library, based on the detected signature set. 
 
     
     
       2. The method of  claim 1 , wherein the detecting further comprises:
 identifying, in the binary computer program code, at least one data constant corresponding to at least one point in the section of the reference computer program library. 
 
     
     
       3. The method of  claim 1 , wherein the detecting further comprises:
 matching, in the binary computer program code, a plurality of sub-blocks of the signature set to a plurality of locations in the binary computer program code. 
 
     
     
       4. The method of  claim 3 , wherein the plurality of locations in the binary computer program code matched with the plurality of sub-blocks of the signature set comprise non-contiguous locations in the binary computer program code. 
     
     
       5. The method of  claim 1 , further comprising weighting specific sub-blocks of a plurality of sub-blocks of the signature, wherein a first set of the specific sub-blocks is weighted more heavily than a second set of the specific sub-blocks. 
     
     
       6. The method of  claim 5 , wherein the second set of the specific sub-blocks is associated with edges of a given signature of the signature set, and wherein the first set of the specific sub-blocks is associated with parts of the given signature not at the edges of the given signature. 
     
     
       7. The method of  claim 1 , further comprising assessing, in response to the determining, a compliance status of the binary computer program code with respect to a software license of the target computer program library. 
     
     
       8. The method of  claim 1 , further comprising assessing, in response to the determining, a vulnerability status of the binary computer program code. 
     
     
       9. A system comprising:
 a memory; and 
 at least one processor coupled to the memory and configured to perform operations comprising:
 creating a signature set corresponding to binary data from a section of a reference computer program library; 
 obtaining a debug symbol table corresponding to the reference computer program library; 
 mapping, based on references from the debug symbol table, a location of the reference program library to a corresponding location of the debugging instance, wherein the location of the reference program library is within the section of the reference computer program library; 
 searching a binary computer program code for the signature set, while maintaining the binary computer program code in raw form; 
 detecting at least part of the signature set in the binary computer program code based on the searching; and
 determining whether the binary computer program code comprises the target computer program library, based on the detected signature set. 
 
 
 
     
     
       10. The system of  claim 9 , wherein the detecting further comprises:
 identifying, in the binary computer program code, at least one data constant corresponding to at least one point in the section of the reference computer program library. 
 
     
     
       11. The system of  claim 9 , wherein the detecting further comprises:
 matching, in the binary computer program code, a plurality of sub-blocks of the signature set to a plurality of locations in the binary computer program code, wherein the plurality of locations in the binary computer program code matched with the plurality of sub-blocks of the signature set comprise non-contiguous locations in the binary computer program code. 
 
     
     
       12. The system of  claim 9 , the operations further comprising weighting specific sub-blocks of a plurality of sub-blocks of the signature, wherein a first set of the specific sub-blocks is weighted more heavily than a second set of the specific sub-blocks, wherein the second set of the specific sub-blocks is associated with edges of a given signature of the signature set, and wherein the first set of the specific sub-blocks is associated with parts of the given signature not at the edges of the given signature. 
     
     
       13. The system of  claim 9 , the operations further comprising:
 assessing, in response to the determining, a compliance status of the binary computer program code with respect to a software license of the target computer program library. 
 
     
     
       14. The system of  claim 10 , the operations further comprising assessing, in response to the determining, a vulnerability status of the binary computer program code. 
     
     
       15. A non-transitory computer-readable storage medium having instructions stored thereon that, when executed by at least one computing device, cause the at least one computing device to perform operations comprising:
 creating a signature set corresponding to binary data from a section of a reference computer program library, based at least in part on a plurality of data constants in the binary data; 
 obtaining a debug symbol table corresponding to the reference computer program library; 
 mapping, based on references from the debug symbol table, a location of the reference program library to a corresponding location of the debugging instance, wherein the location of the program reference library is within the section of the reference computer program library;
 searching a binary computer program code for the signature set, while maintaining the binary computer program code in raw form; 
 
 detecting at least part of the signature set in the binary computer program code, based on the searching; and
 determining whether the binary computer program code comprises the target computer program library, based on the detected signature set. 
 
 
     
     
       16. The non-transitory computer-readable storage medium of  claim 15 , wherein the detecting further comprises:
 identifying, in the binary computer program code, at least one data constant corresponding to at least one point in the section of the reference computer program library. 
 
     
     
       17. The non-transitory computer-readable storage medium of  claim 15 , wherein the detecting further comprises:
 matching, in the binary computer program code, a plurality of sub-blocks of the signature set to a plurality of locations in the binary computer program code, wherein the plurality of locations in the binary computer program code matched with the plurality of sub-blocks of the signature set comprise non-contiguous locations in the binary computer program code. 
 
     
     
       18. The non-transitory computer-readable storage medium of  claim 15 , the operations further comprising weighting specific sub-blocks of a plurality of sub-blocks of the signature, wherein a first set of the specific sub-blocks is weighted more heavily than a second set of the specific sub-blocks, wherein the second set of the specific sub-blocks is associated with edges of a given signature of the signature set, and wherein the first set of the specific sub-blocks is associated with parts of the given signature not at the edges of the given signature. 
     
     
       19. The non-transitory computer-readable storage medium of  claim 15 , the operations further comprising:
 assessing, in response to the determining, a compliance status of the binary computer program code with respect to a software license of the target computer program library. 
 
     
     
       20. The non-transitory computer-readable storage medium of  claim 15 , the operations further comprising assessing, in response to the determining, a vulnerability status of the binary computer program code.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.